The COVID-19 pandemic has wreaked havoc on people from all walks of life, young and old, rich and poor alike. A recent report released by Kaspersky estimates that by April 29, 2020, more than 1.2 billion children across 186 countries were impacted by school closures. Now that the school season is upon us again, how are educational institutions planning to tackle the innumerable challenges this disease keeps throwing at us?
As schools and colleges reopen across the world, students, teachers, and parents are already struggling to deal with the scores of policies put in place to curb the spread of infection. Some schools are reopening physically, others are opting for remote learning models, and some are doing a hybrid of both physical and virtual classes. This worldwide phenomenon has resulted in an unprecedented upsurge in the demand for online educational resources. This rapid migration from physical to virtual learning was made with little preparation, resulting in the adoption of virtual resources growing exponentially without proper consideration of cybersecurity best practices.
With so many educational services moving to the digital space, attackers have been targeting this vast new attack surface. In June, Microsoft Security Intelligence reported that the education industry accounted for 61 percent of the 7.7 million malware encounters reported in the previous month. As most students and teachers access learning platforms digitally from unmonitored environments, the number of threat factors plaguing the industry has increased manifold: vulnerable video conferencing applications, malware, adware, distributed denial-of-service (DDoS) attacks, the list goes on.
Before delving into this worrying rise of cyberattacks, it’s important to understand what’s at stake here. Though schools may not seem like the most obvious targets for cybercriminals, educational institutions actually store a wealth of highly sensitive information, like contact information, academic records, Social Security numbers, financial information, health records, and more, which makes them lucrative targets for hackers. And now, with the majority of students using smart devices and mobile applications to keep track of coursework, student news, and events, there are numerous opportunities for attackers to strike. To top it all off, many universities also conduct government sponsored research, which may contain critical state information.
The rise of ransomware
Remote learning has brought with it a host of security challenges that educational institutions weren’t prepared for. Systems and applications originally intended to be accessed from internal networks alone now need to be opened up for remote access, innumerable devices not previously connected to the school’s network now need regular access to various educational services, and what was previously limited to only a few people accessing certain online services has now expanded to include entire student bodies and staff members. Not only do these challenges compound the risks, they also introduce new users (who are largely unaware of cybersecurity best practices) into the ecosystem, which places additional stress on the school’s IT staff.
Ransomware attacks have become increasingly common in the last few years, with the number of attacks going up exponentially during the pandemic. Ransomware attacks typically start with phishing emails containing malware-embedded attachments. However, recently, criminals have also started exploiting Remote Desktop Protocol and Server Message Block vulnerabilities to attack schools. One of the most concerning factors is that ransomware attackers today aren’t just encrypting data, but also threatening to publish it online. With the host of personally identifiable information (PII) that schools store, including many schools that even record online classes for students unable to participate, this is a huge privacy concern for educational institutions.
Debilitating DDoS attacks
According to the Kaspersky report, for each month from February to June, the number of DDoS attacks that affected educational resources was 350 to 500 percent greater in 2020 than in the corresponding month in 2019. Globally, the total number of DDoS attacks grew by 80 percent in the first quarter of 2020 when compared to Q1 2019, and a majority of these attacks can be directly attributed to the rise of e-learning services.
DDoS attacks are notorious, as they can last anywhere between a few hours to a few weeks, causing major operational disruption and denying access to critical services. Educational institutions have reportedly witnessed a marked increase in phishing pages and emails exploiting various educational online platforms in an attempt to lure victims into downloading threats. However, schools should also understand that by going remote, it’s not necessarily the devices that students are using that pose a risk. There are multiple factors the school should factor in when they enable remote learning, such as the network boundaries and authentication services.
Keeping attackers at bay
The good news is that schools are finally starting to realize the importance of cybersecurity controls and measures. In order to protect the educational community in this new learning environment, here are a few best practices to consider:
- Closely monitor sensitive data collection: Understand the type of data that your school needs, and ensure that it’s collecting only the required amount of information. Periodically review the data collection processes, and scan your network to keep track of all the PII collected. The less data collected, the fewer the chances of it being exposed.
- Perform data backups: Always prepare for the worst, and have backups of your data ready. Make sure to store the backups off site so they don’t get exposed if the school’s network gets attacked.
- Assess your vendors: Educational institutions rely heavily on technology providers to facilitate remote learning, and if these vendors aren’t diligent about the security controls they weave into their products, you could be exposing your school’s systems to greater risk. Always assess your vendor choices carefully.
- Implement identity management controls: Identity management is the key element in protecting your school’s network. Configure processes and policies so that only authorized people can access critical resources with the right authentication mechanisms. Additionally, you can also segment the school’s network so only the parts necessary for online learning are accessible over the internet.
- Educate, educate, educate: With so many stakeholders closely involved in the learning ecosystem, it takes just one slip up to snowball into a catastrophe. To prevent this, undertake regular cybersecurity education and training programs to drive home the importance of following basic cyber hygiene best practices.
Lastly, it’s always a good idea to get your basics right. Vulnerability management, sensitive data encryption, strong password policies: These are all regular security practices that organizations should be following. This school season is definitely going to be challenging, with institutions striving to deliver quality education amidst the ever-changing pandemic-influenced landscape. However, given the variety of challenges COVID-19 has already presented, don’t let cybersecurity concerns get the best of you.